Executive Summary
The US Defense Department engaged on a project with Virtustream to reduce IT costs and improve cybersecurity by building a forward-thinking hybrid cloud environment using software-defined networking and security techniques along with virtualization and automation software from VMware. The Pentagon’s then CIO, Terry Halvorsen, had a vision for a cloud-based environment and needed support for making the complex transition from a legacy architecture to a fully modernized and digitally transformed infrastructure. The customer was also seeking support for achieving DISA Secure Technical Implementation Guide (STIG) compliance accreditation.
Challenges
- Making the transition from a traditional data center to cloud architecture was more than the customer could tackle with internal resources
- Installing VMware products introduced unfamiliar territory, particularly with NSX
- The customer was seeking to gain ATO accreditation from DISA and align with DoD security guidelines
Solutions
- VMware NSX
- VMware vSphere
Business Impacts
- The customer received superior support to make the complete transition from legacy data center to fully cloud-based environment.
- VMware vSphere and NSX were deployed successfully and securely, enabling Virtustream to provision network components in minutes.
- Internal communication confusion was mitigated through the liaison efforts of August Schell.
- ATO accreditation from DISA and complete alignment with DoD security guidelines were ultimately achieved post-engagement.
Complete Transformation from a Traditional Data Center to a Cloud-Based System
This project began as an effort by the DoD CIO’s office to deliver a modernized cloud-based infrastructure to replace aging traditional data centers. The idea was to offer a software-defined approach that would streamline the delivery of and access to compute, network and storage resources in an efficient and security compliant environment. Dell Technologies and, specifically Virtustream, was engaged to lead this effort.
The customer had a vision of a robust cloud environment supported by VMware vSphere and NSX, ultimately to be automated by incorporating vRealize Automation and vRealize Operations Manager for comprehensive system monitoring and capacity planning. “This presented an entirely new concept for the customer,” said Frank Floyd, Consulting Engineer at August Schell. “They were definitely used to traditional data center services, and their goal was to transition to a modernized cloud infrastructure.”
With a whole new architecture in place, the customer faced a number of challenges and a lack of adequate internal resources to bring the build across the finish line. In particular, while they began an initial install for VMware NSX, completing the deployment proved to be more than they were prepared to handle.
Completing their NSX implementation in alignment with the DoD security guidelines and achieving their ATO (authority to operate) via DISA was their ultimate goal.
Picking up Where the Customer Left Off, Achieving a Successful NSX Deployment, and Conquering Compliance Requirements
“We were called on after the fact. Normally, when we deploy something like this, we’re in from the ground up to provide architectural design and best practices, but when we got there they’d already moved through the design phase,” Floyd recalled. August Schell kicked off the engagement in the midst of the implementation phase, which meant that our engineering team would have to pick up where the Virtustream team members left off and be flexible in the process. “We couldn’t back track. They’d already been working on the project and to go backward would cause financial issues and increase the amount of time it would take for them to achieve their ultimate goal of the ATO.”
August Schell was up for the challenge and joined the mix mid-implementation. Floyd and supporting engineers began by troubleshooting and fixing NSX components that were deployed incorrectly or misconfigured. “We really had to focus on fixing some of their hiccups. One of the things I thought was important was to provide plenty of documentation for them along the way,” Floyd explained.
August Schell documented the details of the implementation and provided guidance to Virtustream’s internal resources. “We worked side-by-side with them until NSX was deployed. Then DISA sent a team on site to evaluate the systems, and I was part of that evaluation team as the representative for all of the VMware components. This was part of the accreditation process.”
NSX Deployment Concludes Favorably, Virtustream Empowered to Complete DISA Accreditation Process
Overall, the project involved some improvisation in the sense that flexibility was required, but NSX was successfully deployed and the Virtustream ultimately made their goal of achieving accreditation for their DoD customer. The engagement was particularly unique in that it required ad hoc support as opposed to involvement from the ground up. “We had to build off of what they already had in place, but we made it happen and made sure they were successful,” Floyd continued.
As the project came to a close, August Schell made sure that NSX was correctly implemented and configured to set Virtustream and its DoD customer up for success with meeting DISA security standards. “We got very positive feedback in the end. During the project, Virtustream kept shifting resources on and off the project, so my goal was to streamline communications and make the implementation and deployment as painless as possible,” Floyd said.
The customer ultimately achieved their ATO accreditation thanks to the careful setup of VMware vSphere and NSX. “They felt very appreciative of our ability to come in, fix the issues they were having, and make recommendations for system design going forward, and we can always provide more services when they’re ready. There are definitely potential add-ons and products that we see as a big benefit, like vRealize Automation, vRealize Operations Manager and Splunk. In the end, we are here for them and continue to offer our assistance,” he concluded.